Tagged: dm3-1130us

Installing Arch Linux: LVM on top of an encrypted partition [[UPDATED]]

Years back, I was using Arch Linux on my notebook but gave up at some point after an Arch Linux upgrade made my notebook unbootable. After some distro hopping, I settled down with Debian Linux and it has been my friend since then. But now, on a whim, I decided to give Arch another try.

I'll be installing Arch Linux on the same notebook and I wanted encryption on a disk/partition like before. I looked at some options on the Arch Linux Wiki. I read up on LVM on LUKS, LUKS on LVM, and Plain dm-crypt and decided to go with LVM on LUKS again. One of the benefits of LUKS on LVM is that encrypted volumes can span multiple disks. It's nice but I don't need it since there is only one disk in the notebook. Plain dm-crypt can encrypt an entire disk, which is nice and ideal, but having a USB flash memory around is a bit overkill for me. So, I'll stick with LVM on LUKS again.

I then followed my old post, Installing Arch Linux: LVM on top of an encrypted partition. What do you know? The information on that page was not wrong but was a bit confusing or hard to follow (not to mention the number of typos. Sheesh!). So, I decided to re-do all the steps, including the base installation of Arch Linux on LVM. Most of the information here will be duplicated from the old one but please bear with me.

Disclaimer:
Information below is gathered mostly from the Arch Linux Wiki page and changed here and there for my liking. This information below is solely used for my purpose and may not be suitable for others.

Erasure of the Hard Disk:

Data on a hard drive is written in chunks here and there. Re-partitioning or reformatting a disk does not really remove (erase) the data. It merely removes the file system structures that were used to identify where the original data was located. This leaves the actual data on the disk.

To securely erase a disk, you could either:

  • Fill with zeros
  • Fill with random bits

Both methods overwrite the data on the disk, but with the first one the zeros make it easy (to some extent) to identify where the encrypted data ends. So, I follow the second method.
# dd if=/dev/urandom of=/dev/<drive> bs=1M
Just to be warned, this takes a long, long time.

Partitioning a Disk:

There is a way to encrypt the /boot partition with GRUB (for details, see Pavel Kogan's blog), but for simplicity, I'll stick with having the /boot partition separated from the encryption and LVM.
# fdisk /dev/sda

Partition Layout:
/dev/sda1 -> /boot (bootable) - 300MB should be enough.
/dev/sda2 -> LVM (8e) - the rest of the disk

Configuring LUKS:

cryptsetup is used to interface with LUKS for formatting, mounting and unmounting encrypted partitions.

First make sure the device mapper kernel module is loaded:
# modprobe dm-mod

Then format it as an encrypted LUKS partition:
# cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 luksFormat /dev/sda2

  • --cipher: defines the cipher type
  • --key-size: defines the key size
  • --hash: defines the hash algorithm used for key derivation

It looks like the AES cipher in XTS mode (XTS-AES) is the most popular these days.

Unlocking/Mapping LUKS partition with the Device Mapper:

To access the encrypted volume, it needs to be unlocked.
# cryptsetup open --type luks /dev/sda2 lvm

LVM:

Create a physical volume (the encrypted volume) and a volume group.
# lvm pvcreate /dev/mapper/lvm
# lvm vgcreate lvmvg /dev/mapper/lvm

Create logical volumes on this new volume group.
# lvm lvcreate -L 10G -n root lvmvg
# lvm lvcreate -L 500M -n swap lvmvg
# lvm lvcreate -l 100%FREE -n home lvmvg

Format the filesystems on each logical volume.
# mkfs.ext4 /dev/mapper/lvmvg-root
# mkfs.ext4 /dev/mapper/lvmvg-home
# mkswap /dev/mapper/lvmvg-swap

Mount the filesystems.
# mount /dev/mapper/lvmvg-root /mnt
# mkdir /mnt/home
# mount /dev/mapper/lvmvg-home /mnt/home
# swapon /dev/mapper/lvmvg-swap

Prepare the boot partition.
# mkfs.ext2 /dev/sda1
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot

Configure Wireless Network:

The network connection needs to be configured before the installation can take place. Since my notebook uses WiFi, I need to configure the wireless network.

Check for the network interface and whether udev has loaded the driver.
# iwconfig
--------------------
eth0      no wireless extensions.
lo        no wireless extensions.
wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated  Tx-Power=14 dBm
          Retry long limit:7  RTS thr:off  Fragment thr:off
          Encryption key:off
          Power Management:on

It looks like wlan0 is available.

Interface activation:

Not required for mine but here is how to activate:
# ip link set wlan0 up

Access point discovery:

I know my network information like ESSID, Encryption key, etc..., but here is how to list available access points:
# iwlist wlan0 scan | less

Or, for the new netlink interface:
# iw dev wlan0 scan | less

Association to the access point

Now a configuration file, /etc/wpa_supplicant.conf, needs to be created for my access point.
# vi /etc/wpa_supplicant.conf
--------------------
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
eapol_version=1
ap_scan=1
fast_reauth=1

These options are explained in /etc/wpa_supplicant/wpa_supplicant.conf

Append the passphrase and PSK to the file:
# wpa_passphrase SSID_NAME "PASSPHRASE" >> /etc/wpa_supplicant.conf

Manual connection:

The WiFi interface should be up by the earlier command ip link set wlan0 up, so now tell wpa_supplicant the driver (wext - Linux Wireless EXTensions), the SSID specified in /etc/wpa_supplicant.conf and the wireless interface.
# wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf

  • -B : Run in the background
  • -D : Driver information. Default is WEXT
  • -i : Wireless interface
  • -c : Configuration file

Request an IP address from the DHCP server.
# dhcpcd wlan0

Check the assigned IP address.
# ip addr show wlan0
wlan0: mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.6/24 brd 192.168.1.255 scope global wlan0
    inet6 fe80::ffff:ffff:ffff:ffff/64 scope link
       valid_lft forever preferred_lft forever

Select installation mirror:

Before installing, you may want to edit /etc/pacman.d/mirrorlist such that your preferred mirror is first. This copy of the mirrorlist will be installed on your new system by pacstrap as well, so it's worth getting it right.

Install the base system and other package groups:

The base system is installed using the pacstrap script. pacstrap is a script that installs packages to the specified new root directory. If no packages are given, pacstrap defaults to the "base" group.

Required X Window Systems packages for openbox will be installed in post-installation configuration.

The system uses a wireless network, so install the required wireless network packages.
# pacstrap /mnt base base-devel wireless_tools wpa_supplicant wpa_actiond

Configurations:

Let's configure the primary configuration files.

Generate an fstab file:

The fstab file contains static filesystem information. It defines how storage devices and partitions are to be mounted and integrated into the overall system. It is read by the mount command to determine which options to use when mounting a specific device or partition.

Check the resulting file afterwards, and especially watch for the swap entry. It must point at the swap logical volume in the lvmvg volume group created earlier.
# genfstab -p /mnt >> /mnt/etc/fstab
# vi /mnt/etc/fstab
--------------------
...
/dev/mapper/lvmvg-swap none swap defaults 0 0

Chroot into the system (Change root into the new system):

# arch-chroot /mnt

Editing /etc/rc.conf:

/etc/rc.conf is the configuration file for Arch's initscripts. Some of the options in this file have become obsolete and now have their own configuration files (ex: hostname, etc...). /etc/rc.conf still configures daemons to start during boot-up and some networking and storage information.

Since LVM is used on this system, I need to enable it so that the kernel knows about it.

# vi /etc/rc.conf
--------------------
USELVM="yes"

Hostname:

Configuring hostname requires updating two files, /etc/hostname and /etc/hosts

Add hostname in /etc/hostname
# cat > /etc/hostname
archy64
^D

Add hostname in /etc/hosts
# vi /etc/hosts
--------------------
127.0.0.1 localhost.localdomain localhost archy64
::1 localhost.localdomain localhost archy64

Console fonts and keymap:

The console, meaning a terminal running with no X Window System, uses the ASCII character set as the default.

A console font is limited to either 256 or 512 characters. The fonts are found in /usr/share/kbd/consolefonts/.

Keymaps, the connection between the key pressed and the character used by the computer, are found in the subdirectories of /usr/share/kbd/keymaps/
# cat > /etc/vconsole.conf
KEYMAP=us
FONT=
FONT_MAP=
^D

  • KEYMAP - the default (us) is ok
  • FONT - the default (blank) is ok
  • FONT_MAP - the default (blank) is ok

Timezone:

Available time zones and subzones can be found in the /usr/share/zoneinfo/<Zone>/<SubZone> directories.

Create a symlink /etc/localtime to the zone file.
# ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime

Locale:

Choose the locale(s) from /etc/locale.gen and uncomment them.
# vi /etc/locale.gen
--------------------
en_US.UTF-8 UTF-8
--------------------
# locale-gen

Setting up system-wide locale:

# cat > /etc/locale.conf
LANG=en_US.UTF-8
LC_TIME=en_US.UTF-8
^D

Set the LANG variable for the ramdisk creation:
# export LANG=en_US.UTF-8

Hardware clock time:

It's recommended to use UTC.
# hwclock --systohc --utc

Create an initial ramdisk environment:

Configure /etc/mkinitcpio.conf for encryption and LVM by adding encrypt lvm2 (in this order) in the HOOKS section before filesystems. The encrypt hook unlocks the LUKS partition first, and the lvm2 hook then finds the LVM volumes inside it at boot time.
# vi /etc/mkinitcpio.conf
--------------------
HOOKS="...encrypt lvm2 filesystems..."

Now generate the kernel image.
# cd /boot
# mkinitcpio -p linux

Install and configure a bootloader:

# pacman -S grub-bios os-prober
# grub-install --recheck /dev/sda

Create a grub configuration file.
# grub-mkconfig --output /boot/grub/grub.cfg

/boot/grub/grub.cfg

Add cryptdevice=/dev/sda2:lvmvg between root=... and ro in the line that starts with linux. This needs to be done for both "Arch Linux" and "Arch Linux Fallback".
# vi /boot/grub/grub.cfg
--------------------
linux /boot/vmlinuz-linux root=/dev/mapper/lvmvg-root cryptdevice=/dev/sda2:lvmvg ro quiet
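The HOOKS order in /etc/mkinitcpio.conf, the cryptdevice= parameter on every kernel line of grub.cfg, and the mapper names in /etc/fstab only show their mistakes at the next boot. The shell checks below are an added example, not part of the original post; the function names are hypothetical and the sample files are constructed to mirror the values used in this walkthrough.

```shell
#!/bin/sh
# Added example: offline sanity checks for an LVM-on-LUKS boot configuration.
# Function names and sample files are constructed for illustration.

# hooks_order_ok FILE
# Succeeds when the active HOOKS line lists encrypt, lvm2 and filesystems
# in that relative order. Accepts both HOOKS="..." and HOOKS=(...).
hooks_order_ok() {
    hooks=$(sed -n 's/^[[:space:]]*HOOKS=["(]\(.*\)[")][[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$hooks" ] || return 1
    pos=0 enc=0 lvm=0 fs=0
    for h in $hooks; do
        pos=$((pos + 1))
        case $h in
            encrypt) enc=$pos ;;
            lvm2) lvm=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    [ "$enc" -gt 0 ] && [ "$lvm" -gt "$enc" ] && [ "$fs" -gt "$lvm" ]
}

# entries_missing_cryptdevice FILE DEVICE NAME
# Prints how many "linux" lines in a grub.cfg lack cryptdevice=DEVICE:NAME.
entries_missing_cryptdevice() {
    awk -v want="cryptdevice=$2:$3" '
        $1 == "linux" {
            found = 0
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
            if (!found) missing++
        }
        END { print missing + 0 }
    ' "$1"
}

# foreign_mapper_entries FSTAB VG
# Prints /dev/mapper devices in an fstab that do not belong to volume group VG.
foreign_mapper_entries() {
    awk -v vg="$2" '
        $1 ~ /^#/ { next }
        index($1, "/dev/mapper/") == 1 && index($1, "/dev/mapper/" vg "-") != 1 { print $1 }
    ' "$1"
}

# write_samples DIR
# Writes constructed sample files: one good and one bad HOOKS line, a grub.cfg
# whose fallback entry lacks cryptdevice=, and an fstab with a stale swap name.
write_samples() {
    cat > "$1/mkinitcpio.conf" <<'EOF'
# constructed sample
HOOKS="base udev autodetect block encrypt lvm2 filesystems keyboard fsck"
EOF
    cat > "$1/mkinitcpio.bad" <<'EOF'
HOOKS="base udev autodetect block lvm2 encrypt filesystems"
EOF
    cat > "$1/grub.cfg" <<'EOF'
menuentry 'Arch Linux' {
    linux /boot/vmlinuz-linux root=/dev/mapper/lvmvg-root cryptdevice=/dev/sda2:lvmvg ro quiet
}
menuentry 'Arch Linux Fallback' {
    linux /boot/vmlinuz-linux root=/dev/mapper/lvmvg-root ro quiet
}
EOF
    cat > "$1/fstab" <<'EOF'
/dev/mapper/lvmvg-root / ext4 rw,relatime 0 1
/dev/mapper/lvmvg-home /home ext4 rw,relatime 0 2
/dev/mapper/lvm-swap none swap defaults 0 0
EOF
}

# Run the checks against the constructed samples.
demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    hooks_order_ok "$d/mkinitcpio.conf" && echo "HOOKS order: ok"
    hooks_order_ok "$d/mkinitcpio.bad" || echo "HOOKS order (bad sample): encrypt must come before lvm2"
    echo "kernel entries without cryptdevice: $(entries_missing_cryptdevice "$d/grub.cfg" /dev/sda2 lvmvg)"
    echo "fstab mapper entries outside lvmvg: $(foreign_mapper_entries "$d/fstab" lvmvg)"
    rm -rf "$d"
}
demo
```

On the installed system, point the functions at /etc/mkinitcpio.conf, /boot/grub/grub.cfg and /etc/fstab. grub-mkconfig rewrites grub.cfg, so run the cryptdevice check again after regenerating it.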

Root password:

Set the root password now.
# passwd

Reboot:

Exit from chroot, unmount the partitions, close the device and reboot.
# exit
# umount -R /mnt/boot
# umount -R /mnt
# cryptsetup close lvm
# reboot

After rebooting, it should ask you for a passphrase like below:

Post-Installation

Updating the system:

Sync, refresh, and upgrade the entire new system.
# pacman -Syu
(or pacman --sync --refresh --sysupgrade)

Pacman will now download a fresh copy of the master package list from the server(s) defined in /etc/pacman.conf and perform all available upgrades.

Note: If you get the following error after executing the above command, most likely dhcpcd is not running or your network setting is not correct.

error: failed retrieving file '...' from ... : Could not resolve host: ...

Pacman output is saved in /var/log/pacman.log

Adding a user:

Now add a normal user account for daily tasks:
# useradd -m -g users -G audio,games,log,lp,optical,power,scanner,storage,video,wheel -s /bin/bash ubyt3m3

Set a password for ubyt3m3:
# passwd ubyt3m3

X Window System:

The X Window System (commonly X11, or X) is a networking and display protocol which provides windowing on bitmap displays. It provides the standard toolkit and protocol to build graphical user interfaces (GUIs).

Before installing X11, check what kind of video card you have:
# lspci | grep -e VGA -e 3D

Then install the base Xorg packages using pacman.
# pacman -S xorg-server xorg-xinit xorg-server-utils

During the installation, it'll ask you for the type of libgl. Use the information below to choose the proper driver for the type of video card you have (the value returned by the lspci command above).

AMD/ATI
xf86-video-amdgpu ... mesa-libgl
xf86-video-ati ... mesa-libgl
catalyst ... catalyst-libgl

Intel
xf86-video-intel ... mesa-libgl

Nvidia
xf86-video-nouveau ... mesa-libgl
nvidia ... nvidia-libgl
nvidia-340xx ... nvidia-340xx-libgl
nvidia-304xx ... nvidia-304xx-libgl

Install video driver:

My system came with an ATI graphics card, so install the open source radeon driver.
# pacman -S xf86-video-ati

Install input driver:

Since this install is for a notebook, the following package is needed for the touchpad.
# pacman -S xf86-input-synaptics

Are you installing Arch Linux as VirtualBox Guest?

If you are like me, you'd test the installation of an OS or software on a virtual system before actually installing it on main systems. I use VirtualBox for that. In order for Arch Linux to run X11 within the VirtualBox guest environment, VirtualBox Guest Additions need to be installed.
# pacman -S virtualbox-guest-utils

After executing the above command, it'll ask you for guest modules. Choose virtualbox-guest-modules-arch if you used the linux kernel when you ran mkinitcpio -p linux during the configuration period. For other kernels, use virtualbox-guest-dkms.

Loading the VirtualBox kernel modules:

Before getting X11 to work in the guest environment, the VirtualBox kernel modules must be loaded. To do this automatically, enable the vboxservice service.
# systemctl enable vboxservice

Load the modules:
# modprobe -a vboxguest vboxsf vboxvideo

Testing X:

Install the default environment.
# pacman -S xorg-twm xorg-xclock xterm

Fonts

Install a set of TrueType fonts, as only unscalable bitmap fonts are included by default. DejaVu is a high-quality set.
# pacman -S ttf-dejavu

Now, that's a very base system. If you are interested in installing Openbox, you can follow steps in my post, Openbox (w/ Arch Linux).

That's all!
-gibb

Debian Wheezy (7.5): Encrypted Root Filesystem on laptop

I'm not a distro-hopper. Well, that's what I thought but I'm probably wrong (and there is nothing wrong with being a distro-hopper!). On my main system, I've been using Slackware since its version 9 or 10. However, on my laptop (HP Pavilion dm3-1130us), I tried RHCE, Fedora, Xubuntu, Mint, CrunchBang, Arch, and FreeBSD. Each distro had its pros and cons but none of them really stuck with me. I liked FreeBSD the best among them but it drained the battery and heated up my laptop compared to other distros. Also I couldn't get some of the hardware components (ex: built-in webcam) working. I believe FreeBSD is an excellent OS for servers but probably not so much for laptops. So, I was on a quest for another distro again and decided to try Debian.

Disclaimer: The information in this site is the result of my research on the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others. I will NOT take any responsibility for the end result after following these steps (although I will try to help if you send me your questions/problems).

Now onto Debian. As with other distributions, I wanted to try encrypted disk/filesystem(s) for my laptop. After a bit of research, I came across this article. Interesting. My laptop doesn't have a CD/DVD drive, either, but I never thought of having a recovery partition in case of emergency. So I decided to give this method a try. Since this article is a bit outdated, I'll describe it with the most recent version of Debian (Wheezy) and add some steps.

1. Creating Bootable USB Stick

Download the netinst.iso image from the Debian website and create a bootable USB stick.
# dd if=debian-7.5-0-amd64-netinst.iso of=/dev/sdX

2. Setting Up Recovery System

Start the Debian installer. Since I love OpenBox, I select below options for the installation.
Advanced options -> Alternative desktop environments -> LXDE -> Graphical install
Follow the installer until you get to set the hostname. I set it as debianrecov for recovery. Follow it until you get to "Partition disks" and select Manual. Here is the partition scheme to use:
  • Main partition for LVM and encrypted, taking up the whole disk minus 3GB. Set it as Do not use for now.
  • 3GB recovery partition at the end of the disk. This will be /boot for the main system. (3GB is an arbitrary size I picked. I tried with 1GB and the installation failed when installing packages.)
    - Set it as ext4 mounted as "/"
    - Set its label as "recovery"
Choose Finish partitioning and write changes to disk. It'll then warn you that there is no partition for swap space and ask you whether to return to the partition menu. Just select No and follow the rest of the installation. Reboot your system and make sure it boots up without any issues.

3. Setting Up Main System

Now boot the Debian installer again. Select the same options for the installation and follow it until you get to "Partition disks". Select Manual. Select the main partition and hit the Continue button. Then choose physical volume for encryption for "Use as:".

[Image: debian_install_1]

Select "Done setting up the partition". Next select "Configure encrypted volumes". Then "Create encrypted volumes" and choose the main partition. After selecting "Yes" for erasing data on the partition, it'll start randomizing it. This will take a very long time (on my laptop, it took more than 10 hours). When it's done, it'll ask for a passphrase. This is the phrase you type at every boot and it is not recoverable so don't forget it!

Select the contents of the "disk" Encrypted volume and

[Image: debian_install_2]

Next, select physical volume for LVM for "Use as:" and choose "Done setting up the partition". Then select Configure the Logical Volume Manager and create a Volume Group. The original article uses the hostname for the Volume Group to reduce confusion if the disk is plugged into another machine for disaster recovery. I think that's a great idea.

Create a Logical Volume called swap. If you plan to use suspend-to-disk, this needs to be at least as large as your RAM. Create a Logical Volume called root. Set the swap Logical Volume you just created to be used as a swap area and your root Logical Volume to be used as ext4 mounted at "/". Also set your recovery partition to be used as ext4, mounted on "/boot", and the format partition option to "no, keep existing data". This is what the partition layout looks like:

[Image: debian_install_3]

Proceed with the rest of the installation and reboot the system when it's done.

4. Making Them Dual-boot

In the original article, it now talks about setting up dual-boot. Debian Wheezy uses GRUB2 and menu.lst is no longer available. However, it should automatically detect your recovery system and it should look like below in the GRUB menu:

[Image: debian_install_4]

If your recovery system is missing, you could try running the update-grub2 command in your main system:
# update-grub2
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.2.0-4-amd64
Found initrd image: /boot/initrd.img-3.2.0-4-amd64
Found Debian GNU/Linux (7.5) on /dev/sda2
done

If update-grub2 did not work, make sure that the recovery partition was set to be ext4, mounted on "/boot", and the format partition option was set to "no, keep existing data" at the end of Step 3 above.

Tomorrow, I'll talk about accessing the main system's area from the recovery system.

That's all!
-gibb

FreeBSD 10 with Full Disk Encryption on UFS Filesystem

Since its release on 1/20/2014, I have been trying to install FreeBSD 10 on my HP Pavilion dm3-1130us notebook with ZFS because I wanted to utilize its full disk encryption; however, every time I tried, it failed during the boot process with the following messages:
gptzfsboot: error 66 lba 48
gptzfsboot: error 66 lba 1
gptzfsboot: No ZFS pools located, can't boot

I googled but couldn't find any solutions even now. If anyone knows how to resolve this, I'm all ears.

Disclaimer:
The information in this site is the result of my research on the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others. I will NOT take any responsibility for the end result after following these steps (although I will try to help if you send me your questions/problems).

So for now, I'm going to install it with full disk encryption on UFS instead. After much trial and error, I found steps that worked on my system (thanks to BSD Now). I'll just list the commands below just in case the site becomes unavailable in the future (it happens!).

Installation:

Follow the installation until the partition menu. Choose shell to manually configure the disk encryption before the OS is installed.

To view a list of disk devices, run:
# sysctl kern.disks

With a blank disk, run:
# gpart create -s gpt ada0

Or destroy the existing one:
# gpart destroy -F ada0

Create 3 partitions. The first is for the boot record, the second is an unencrypted /boot partition (from which the kernel is loaded) and the third is the large encrypted partition for the rest of the OS and files.
# gpart add -t freebsd-boot -s 512k -a 4k ada0
# gpart add -t freebsd-ufs -l bootfs -s 1g -a 1m ada0
# gpart add -t freebsd-ufs -l encrypted -a 1m ada0

Install the bootcode:
# gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0

Encrypt the partition:
# geli init -b -s 4096 ada0p3
Enter passphrase:
Reenter passphrase:

Attach the device:
# geli attach ada0p3
Enter passphrase:
cryptosoft0: on motherboard
GEOM_ELI: Device ada0p3.eli created
GEOM_ELI: Encryption: AES-XTS 128
GEOM_ELI: Crypto: software

Format the partitions:
# newfs -U /dev/ada0p2
# newfs -U /dev/ada0p3.eli

Mount the partitions:
# mount /dev/ada0p3.eli /mnt
# mkdir /mnt/unenc
# mount /dev/ada0p2 /mnt/unenc
# mkdir /mnt/unenc/boot
# ln -s unenc/boot /mnt/boot

Create the fstab file:
# vi /tmp/bsdinstall_etc/fstab
----------------------------------------------------
# Device         Mountpoint  FStype  Options     Dump  Pass#
/dev/ada0p2      /unenc      ufs     rw,noatime  1     1
/dev/ada0p3.eli  /           ufs     rw,noatime  2     2

Automatically load the kernel modules that are required for booting from an encrypted volume:
# vi /tmp/bsdinstall_boot/loader.conf
----------------------------------------------------
geom_eli_load="YES"
vfs.root.mountfrom="ufs:ada0p3.eli"

Exit out and follow the rest of the installation. After rebooting, it should prompt for the passphrase.

However, on my system there was a bit of a gotcha after the reboot:

[Image: FreeBSD10_encryption]

As you might see in the above image, some kernel messages followed right after the passphrase prompt. I did not realize this for a while and it made me think that the encryption failed (and it took me a while to figure out...). To confirm the encryption is working, press Enter. The passphrase prompt shows up again:
GEOM_ELI: Wrong key for ada0p3. Tries left: 2.
Enter passphrase for ada0p3:

That's all!
-gibb

Installing Arch Linux on LVM

A good friend of mine gave me his not-needed notebook (HP Pavilion dm3-1130us) since my 10+-year-old notebook started acting up and became unstable. It got a dual-core AMD chipset with 64bit support. Good enough as a spare machine for the road.

I have been a Slackware user for a while and that's what I use on my home system and old notebook. But for this time, I wanted to try other distributions. After a quick research, I decided to go with Arch Linux. I liked its philosophy and simplicity. It seems very stable as well. That's a plus.

Don't get me wrong, I'm still a fan of slackware. I just wanted to see what else is out there.

I decided to use LVM for Arch Linux because I want to try full system encryption (dm-crypt with LUKS) later on. It seems LVM on LUKS is a growing preference nowadays.

Disclaimer:
Information below is gathered mostly from the Arch Linux Wiki page and changed here and there for my liking. This information below is solely used for my purpose and may not be suitable for others.

Configure Wireless Network:

The network connection needs to be configured before the installation can take place. Since my notebook uses WiFi, I need to configure the wireless network.

Check for the network interface and whether udev has loaded the driver.
# iwconfig
--------------------
eth0      no wireless extensions.
lo        no wireless extensions.
wlan0     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated  Tx-Power=14 dBm
          Retry long limit:7  RTS thr:off  Fragment thr:off
          Encryption key:off
          Power Management:on

It looks like wlan0 is available.

Interface activation:

Not required for mine but here is how to activate:
# ip link set wlan0 up

Access point discovery:

I know my network information like ESSID, Encryption key, etc..., but here is how to list available access points:
# iwlist wlan0 scan | less

Or, for the new netlink interface:
# iw dev wlan0 scan | less

Association to the access point

Now a configuration file, /etc/wpa_supplicant.conf, needs to be created for my access point.
# vi /etc/wpa_supplicant.conf
--------------------
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
eapol_version=1
ap_scan=1
fast_reauth=1

These options are explained in /etc/wpa_supplicant/wpa_supplicant.conf

Append the passphrase and PSK to the file:
# wpa_passphrase SSID_NAME "PASSPHRASE" >> /etc/wpa_supplicant.conf

Manual connection:

The WiFi interface should be up by the earlier command ip link set wlan0 up, so now tell wpa_supplicant the driver (wext - Linux Wireless EXTensions), the SSID specified in /etc/wpa_supplicant.conf and the wireless interface.
# wpa_supplicant -B -Dwext -i wlan0 -c /etc/wpa_supplicant.conf

  • -B : Run in the background
  • -D : Driver information. Default is WEXT
  • -i : Wireless interface
  • -c : Configuration file

Request an IP address from the DHCP server.
# dhcpcd wlan0

Check the assigned IP address.
# ip addr show wlan0
wlan0: mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.6/24 brd 192.168.1.255 scope global wlan0
    inet6 fe80::ffff:ffff:ffff:ffff/64 scope link
       valid_lft forever preferred_lft forever

Load the module:

dm-mod needs to be loaded before doing anything with LVM:
# modprobe dm-mod

Partition a Disk:

# fdisk /dev/sda

Partition Layout:
/dev/sda1 -> LVM

Since I'm using GRUB2, the /boot partition is also included in the LVM partition.

Create Physical Volume:

Initialize these partitions so they can be used by LVM.
# pvcreate /dev/sda3

Create Volume Groups:

Create a volume group on this physical volume. Volume group name is lvm.
# vgcreate lvm /dev/sda3

Create Logical Volumes:

Create logical volumes on this new volume group.
# lvcreate -L 100M -n boot lvm
# lvcreate -L 10G -n root lvm
# lvcreate -L 500M -n swap lvm
# lvcreate -l 100%FREE -n home lvm

Configure block devices, filesystems, and mountpoints:

# mkfs.ext4 /dev/mapper/lvm-boot
# mkfs.ext4 /dev/mapper/lvm-root
# mkfs.ext4 /dev/mapper/lvm-home
# mkswap /dev/mapper/lvm-swap
# swapon /dev/mapper/lvm-swap
# mount /dev/mapper/lvm-root /mnt
# mkdir /mnt/boot
# mount /dev/mapper/lvm-boot /mnt/boot
# mkdir /mnt/home
# mount /dev/mapper/lvm-home /mnt/home

If there are no logical volumes under /dev/mapper, run the following commands to bring up the modules and to make the volume group available:
# modprobe dm-mod
# vgscan
# vgchange -ay

  • vgscan: Scans all disks for volume groups and re-builds caches
  • vgchange -ay: Makes the logical volumes known to the kernel

Select installation mirror:

Before installing, you may want to edit /etc/pacman.d/mirrorlist such that your preferred mirror is first. This copy of the mirrorlist will be installed on your new system by pacstrap as well, so it's worth getting it right.

Install the base system and other package groups:

The base system is installed using the pacstrap script. pacstrap is a script that installs packages to the specified new root directory. If no packages are given, pacstrap defaults to the "base" group.

Required X Window Systems packages for openbox will be installed in post-installation configuration

The system uses a wireless network, so install the required wireless network packages.
# pacstrap /mnt base base-devel wireless_tools netcfg wpa_supplicant wpa_actiond

Generate an fstab file

The fstab file contains static filesystem information. It defines how storage devices and partitions are to be mounted and integrated into the overall system. It is read by the mount command to determine which options to use when mounting a specific device or partition.

Most likely the swap partition will have the wrong filesystem name, so this needs to be changed.
# genfstab -p /mnt >> /mnt/etc/fstab
# vi /mnt/etc/fstab
--------------------
...
/dev/mapper/lvm-swap none swap defaults 0 0

Chroot into the system

# arch-chroot /mnt

Configuring the System

Let's configure the primary configuration files

/etc/rc.conf is the configuration file for Arch's initscripts. Some of the options in this file have become obsolete and now have their own configuration files (ex: hostname, etc...). /etc/rc.conf still configures daemons to start during boot-up and some networking and storage information.

Editing /etc/rc.conf:

Since LVM is used on this system, I need to enable it so that the kernel knows about it.
# vi /etc/rc.conf
--------------------
USELVM="yes"

Hostname:

Configuring hostname requires updating two files, /etc/hostname and /etc/hosts

Add hostname in /etc/hostname
# cat > /etc/hostname
arch64
^D

Add hostname in /etc/hosts
# vi /etc/hosts
--------------------
127.0.0.1 localhost.localdomain localhost arch64
::1 localhost.localdomain localhost arch64

Console fonts and keymap:

The console, meaning a terminal running with no X Window System, uses the ASCII character set as the default.

A console font is limited to either 256 or 512 characters. The fonts are found in /usr/share/kbd/consolefonts/.

Keymaps, the connection between the key pressed and the character used by the computer, are found in the subdirectories of /usr/share/kbd/keymaps/
# cat > /etc/vconsole.conf
KEYMAP=us
FONT=
FONT_MAP=
^D

  • KEYMAP - the default (us) is ok
  • FONT - the default (blank) is ok
  • FONT_MAP - the default (blank) is ok

Timezone:

Available time zones and subzones can be found in the /usr/share/zoneinfo/<Zone>/<SubZone> directories.

Create a symlink /etc/localtime to the zone file:
# ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime

Locale:

Choose the locale(s) from /etc/locale.gen and uncomment them.
# vi /etc/locale.gen
--------------------
en_US.UTF-8 UTF-8
--------------------
# locale-gen

Setting up system-wide locale:

# cat > /etc/locale.conf
LANG=en_US.UTF-8
LC_TIME=en_US.UTF-8
^D

Set the LANG variable for the ramdisk creation:
# export LANG=en_US.UTF-8

Hardware clock time:

It's recommended to use UTC.
# hwclock --systohc --utc

Configuring wireless network:

Copy wireless-wpa from /etc/network.d/examples/ to /etc/network.d and rename it to something else. This will be a template for my profile. Open it and change ESSID to my SSID name. Delete everything below ESSID. The KEY value needs to be a hex string so it'll be generated by using the wpa_passphrase command:
# wpa_passphrase SSID_NAME "PASSPHRASE" >> /etc/network.d/[profile_name]

Open the profile and delete the lines starting with network={, ssid=, #psk=, and }, leaving only the psk line. Then change this psk to KEY, and add IP='dhcp' to the bottom of the file:
# cat /etc/network.d/[profile_name]
--------------------
CONNECTION='wireless'
DESCRIPTION='WPA encrypted wireless connection'
INTERFACE='wlan0'
SECURITY='wpa'
ESSID=[SSID_name]
KEY=[hex_string_for_passphrase]
IP='dhcp'

Now, connect to the profile:
# netcfg [profile_name]

If there are no errors, it should display:
:: [profile_name] up

Configure the rc.conf file for auto connecting to the wireless network after each reboot:
# vi /etc/rc.conf
--------------------
DAEMONS=(... net-auto-wireless ...)

Make sure /etc/conf.d/netcfg has the following values:
# cat /etc/conf.d/netcfg
--------------------
NETWORKS=(last)
WIRELESS_INTERFACE="wlan0"

Create an initial ramdisk environment:

Configure /etc/mkinitcpio.conf for LVM by adding lvm2 in the HOOKS section before filesystems so that the kernel will find LVM volumes at boot time.
# vi /etc/mkinitcpio.conf
--------------------
HOOKS="...lvm2 filesystems..."

Now generate the kernel image.
# cd /boot
# mkinitcpio -p linux

Install and configure a bootloader:

# pacman -S grub-bios
# grub-install --target=i386-pc --recheck /dev/sda

Create a grub configuration file.
# grub-mkconfig -o /boot/grub/grub.cfg

Root password:

Set the root password now.
# passwd

Unmount the partitions and reboot:

Exit from the chroot environment.
# exit

Since the partitions are mounted under /mnt, unmount them.
# umount /mnt/{boot,home,}

Exit the install and reboot.
# reboot

Post-Installation

Updating the system:

Sync, refresh, and upgrade the entire new system.
# pacman -Syu
(or pacman --sync --refresh --sysupgrade)

Pacman will now download a fresh copy of the master package list from the server(s) defined in /etc/pacman.conf and perform all available upgrades.

Pacman output is saved in /var/log/pacman.log

Adding a user:

Now add a normal user account for daily tasks:
# useradd -m -g users -G audio,games,log,lp,optical,power,scanner,storage,video,wheel -s /bin/bash ubyt3m3

Set a password for ubyt3m3:
# passwd ubyt3m3

X Window System:

The X Window System (commonly X11, or X) is a networking and display protocol which provides windowing on bitmap displays. It provides the standard toolkit and protocol to build graphical user interfaces (GUIs).

Now install the base Xorg packages using pacman.
# pacman -S xorg-server xorg-xinit xorg-server-utils

Install video driver:

My system came with an ATI graphics card, so install the open source radeon driver.
# pacman -S xf86-video-ati

Install input driver:

Since this install is for a notebook, the following package is needed for the touchpad.
# pacman -S xf86-input-synaptics

Testing X:

Install the default environment.
# pacman -S xorg-twm xorg-xclock xterm

Fonts

Install a set of TrueType fonts, as only unscalable bitmap fonts are included by default. DejaVu is a high-quality set.
# pacman -S ttf-dejavu

That's the very base system. Installation and configuration of other software will be covered another time.

That's all!
-gibb